Borrowing best practices from other governmental cybersecurity programs, Cook County is training its entire workforce on how to guard against cyberattacks.
As cybersecurity threats have increased in recent years, local and state governments are starting to take proactive steps to combat cybercrime. In Illinois, the Cook County Board of Commissioners passed a resolution in early October to supplement county training programs with a new cybersecurity training program.
Cook County is the largest county in Illinois and the second largest in the U.S., with a population of 5.4 million people, according to the latest census figures. Michael Masters is the county's executive director of Homeland Security and Emergency Management.
“We want to make sure our employees, our workforce are educated on how to address those [cybersecurity] issues,” he said.
States like Michigan and New Jersey have recently rolled out new initiatives to beef up their cybersecurity defenses. Municipalities such as Los Angeles have added “command centers” to coordinate their efforts, although some wonder whether they will be able to effectively utilize the web to increase governmental efficiencies in the future because of the growing threat of cybercrime.
Masters told Government Technology that Cook County has an “incredible amount” of diverse data that has to be safeguarded from attack.
Widely cited statistics say that there are 556 million victims of cybercrime per year and more than 1.5 million per day. The price of cybercrime globally is estimated at $110 billion annually.
A study done by security firm McAfee and the Center for Strategic and International Studies in July 2013 found that cybercrime cost the United States between 0.2 to 0.8 percent in losses to Gross Domestic Product – representing $24 billion to $120 billion.
The federal government sought to fight back against cybercrime in 2012, spending more than $15 billion on cybersecurity efforts – about 20 percent of its total spending on information technology.
“One of the things we have not focused on diligently enough as a country … is dealing with cybersecurity and infrastructure at the local level,” Masters said.
Masters said that it is “very vital” that local governments do not leave a gap in the system that would allow cybercriminals to gain access. Given the size and complexity of Cook County and its many jurisdictions, they are currently doing an assessment of all cybersecurity systems.
While Masters said the county does not face any specific credible threats at this time, he pointed to the call to action from international hacker group Anonymous, which targets November 5, or Guy Fawkes Day, to attack private and public computer systems and wreak digital havoc on them.
“I think the call to action highlights the need for this training,” he said, adding that the county is adopting a proactive approach to cybersecurity training.
Cook County's training program includes ways to protect browsers from attack, how to properly lock computers and making sure passwords are strong. All county employees will undergo the training.
“We have to make our people smart, and only if we do that will we be able to counteract the threats that face us,” Masters said.
The county is working with MS-ISAC (Multi-State Information Sharing and Analysis Center) and the SANS Institute to develop the training, as well as incorporating input from different states and the federal government.
“We’re constantly working with our partners to analyze and incorporate national best practices,” he said.
Masters is also working with the Department of Homeland Security and the state of Illinois to look for ways to attract the best and brightest young technical minds to work in IT services at the local government level.
“We’re never going to be competitive with preventing cyberattacks unless we have people in government that are smart, driven, that can highlight these issues,” he said.